package org.kimoji.security.service;

import java.util.Calendar;

import javax.servlet.http.Cookie;

import net.tanesha.recaptcha.ReCaptcha;
import net.tanesha.recaptcha.ReCaptchaImpl;
import net.tanesha.recaptcha.ReCaptchaResponse;

import org.kimoji.base.BaseService;
import org.kimoji.entity.User;
import org.kimoji.entity.biz.JsonRes;
import org.kimoji.global.tool.CacheTool;
import org.kimoji.message.MailService;
import org.kimoji.security.dao.SecurityDAO;
import org.kimoji.security.entity.Account;
import org.kimoji.security.tool.SecurityTool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
public class SecurityService extends BaseService {

	@Autowired
	private MailService mailService;
	@Autowired
	private SecurityDAO securityDAO;
	@Autowired
	private ReCaptcha reCaptcha;

	/**
	 * 登錄 <strong>Description</strong>:
	 * 
	 * @param account
	 * @return JsonRes : 
	 * @author chok 2013-12-15
	 */
	public JsonRes login(Account account) {

		String verifyCode = account.getVerifyCode();

		JsonRes jsonRes = getJsonRes(Boolean.FALSE);

		if (checkVerifyCode(verifyCode)) {
			String loginName = account.getLoginName();
			Account localAccount = securityDAO.loadAccountByLoginName(loginName);
			if (null == localAccount) {/* 賬號不存在 */
				jsonRes.setMessage("賬號或密碼有誤，請重新輸入");
			} else {/* 賬號存在 */
				String password = account.getPassword();
				password = SecurityTool.md5(password);
				String localPassowrd = localAccount.getPassword();
				if (localPassowrd.equals(password)) {/* 密碼正確 */
					/* 清空密碼 */
					clearAccount(localAccount);
					
					jsonRes.setSuccess(Boolean.TRUE);
					jsonRes.setObject(localAccount);
					
					String key = SecurityTool.AESEncrypt(localAccount.getId()+ ":" + Calendar.getInstance().getTimeInMillis());
					jsonRes.setAddition(key);
					securityDAO.cacheAuth(key, String.valueOf(localAccount.getId()));
					
				} else {/* 密碼不正確 */
					jsonRes.setMessage("賬號或密碼有誤，請重新輸入");
				}
			}
		} else {/* 驗證碼不正確 */
			jsonRes.setMessage("驗證碼不正確");
		}
		return jsonRes;
	}

	/**
	 * 註冊賬號 <strong>Description</strong>:
	 * 
	 * @param account
	 * @return
	 * @return int
	 * @author chok 2013-12-15
	 */
	public JsonRes register(Account account,String recaptcha_challenge_field,String recaptcha_response_field) {

		ReCaptchaResponse captchaResponse = reCaptcha.checkAnswer("", recaptcha_challenge_field,recaptcha_response_field);

		JsonRes jsonRes = getJsonRes(Boolean.FALSE);

		if (captchaResponse.isValid()) {
			String loginName = account.getLoginName();
			String password = account.getPassword();
			if (null != loginName && null != password) {
				Account localAccount = securityDAO.loadAccountByLoginName(loginName);

				if (null == localAccount) {/* 新賬號 */
					password = SecurityTool.md5(password);
					account.setPassword(password);
					account = securityDAO.saveAccount(account);
					if(account.getId()!=0){
						/* 發送激活郵件 */
						mailService.sendActivationMail(account);
						
						account = clearAccount(account);
						jsonRes.setSuccess(Boolean.TRUE);
						String key = SecurityTool.md5(String.valueOf(account.getId()));
						jsonRes.setAddition(key);
						CacheTool.save(key, localAccount);
						jsonRes.setObject(account);
					}else{
						jsonRes.setMessage("昵稱已被使用");
						jsonRes.setObject("#J_registerNickname");
					}
				} else {/* 郵箱已註冊 */
					jsonRes.setMessage("此郵箱已註冊");
					jsonRes.setObject("#J_registerLoginName");
				}
			} else {/* 账号密码格式不正确 */
				jsonRes.setMessage("賬號或密碼格式不正確");
				jsonRes.setObject("#J_registerLoginName");
			}
		} else {/* 驗證碼不正確 */
			jsonRes.setMessage("驗證碼不正確");
			jsonRes.setObject("#recaptcha_response_field");
		}
		return jsonRes;
	}

	/**
	 * 校驗驗證碼 <strong>Description</strong>:
	 * 
	 * @param verifyCode
	 * @return
	 * @return boolean
	 * @author chok 2013-12-15
	 */
	private boolean checkVerifyCode(String verifyCode) {
		return true;
	}

	/**
	 * 
	 * <strong>Description</strong>:
	 * 
	 * @param accountBiz
	 * @return
	 * @return JsonRes
	 * @author chok 2013-12-15
	 */
	public JsonRes changePassword(Account account, String newPassowrd, String retypeNewPassword) {
		return null;
	}
	
	public String identify(String token){
		return securityDAO.loadAuth(token);
	}
	
	public boolean logout(Cookie cookie){
		if(null != cookie){
			securityDAO.eliminateAuth(cookie.getValue());
			return Boolean.TRUE;
		}
		return Boolean.FALSE;
	}

}
